proto_tree_add_item() calls.
Add new "add_packet_field" method to the TreeItem class, taking a
protocol field (*not* a protocol), TvbRange, and encoding value as
arguments.
Add the ENC_ values to init.lua. Make them all hex #defines so
make-init-lua.pl can easily extract them.
Export tvb_unicode_strsize() for use by Lua (and elsewhere as desired).
Note that it handles UTF-16 and UTF-8, and fix the comment to note that
its count of hexadectets *does* include the null terminator (that's what
the code does).
svn path=/trunk/; revision=42621
same, and that the routines to get "Unicode" strings are really doing
UCS-2 (and not doing anything about code values that aren't valid in
UCS-2 strings).
Have tvb_get_ephemeral_string_enc() separate cases for ASCII and UTF-8,
even though they're *currently* treated the same.
For FT_UINT_STRING, treat an encoding value of TRUE as meaning
"little-endian ASCII"; pass all other encodings through to
tvb_get_ephemeral_string_enc().
svn path=/trunk/; revision=42592
removes a potential buffer overflow and should fix a bunch of Coverity
errors mentioned in bug 6878.
We might want to do the same for no_of_bits.
svn path=/trunk/; revision=41945
The attached patches add the ability to dissect split bit-strings as discussed under bug 6797.
proto_tree_add_split_bits_ret_val()
proto_tree_add_split_bits_crumb()
svn path=/trunk/; revision=41246
descriptions. Captitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
tvb_get_ephemeral_string() but takes an ENC_ value for the character
encoding. Use it in the MQ dissector to fetch strings to put, for
example, into the Info column, so we properly handle EBCDIC strings
there.
svn path=/trunk/; revision=37876
values, and use them in the MQ dissector, so EBCDIC strings are
displayed as such.
Fix up some other final arguments to proto_tree_add_item().
svn path=/trunk/; revision=37872
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
Rename g_gnuc_malloc.h to g_gnuc.h (since it contains non-malloc related
GNUC stuff).
Use G_GNUC_WARN_UNUSED_RESULT from glib instead of using warn_unused_result
directly.
svn path=/trunk/; revision=36825
return value of proto_item_add_subtree() is used.
(The WARN_IF_UNUSED macro doesn't belong here... But where should it go?)
svn path=/trunk/; revision=36812
orthogonal to the byte order.
This means that we can't just test for a non-zero encoding to determine
whether the format is big-endian or little-endian when we set the
field's endianness flag; instead, for the types where we accept any
non-zero value as meaning "litle-endian", map it to ENC_LITTLE_ENDIAN.
When we use ENC_TIME_NTP, OR in the byte order flag. While we're at it,
in the dissectors that used ENC_TIME_NTP, update all the other encoding
items in proto_tree_add_item() calls to use the appropriate ENC_ value.
svn path=/trunk/; revision=35841
an encoding of ENC_TIME_NTP.
This increases the number of decimal places shown for NTP times (from 6 to 9),
so round the value to the nearest microsecond. (I can't tell if NTP times are
ever more precise than a microsecond--this rounding is mainly to be closer to
the old behavior.)
Use proto_tree_add_item() for some NTP times.
svn path=/trunk/; revision=35840
The event info values were (mostly) done as though they were flags rather than values, but as it doesn't really make sense to combine events I changed them to use contiguous values. They now use the 8 m.s. bits, so there are now 9 unused bits available for new uses.
svn path=/trunk/; revision=32945
"representation" - we already use "representation" to refer to the text
representation of fields.
Change some routines with an endianness argument to make it a
representation argument instead;
svn path=/trunk/; revision=32929
from which to choose; use that for protocol fields in some protocols
(modify the CORBA generator to use it, and manually update the generated
CORBA dissectors accordingly).
svn path=/trunk/; revision=32777
proto_tree_add_item() and field definitions, and for current use if
somebody finds it more self-documenting (some dissectors already have
their own #defines for that purpose).
svn path=/trunk/; revision=32775
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
a mask to select the base_display_e value from a display field in a
header_field_info structure.
Never select that value by masking out the BASE_RANGE_STRING flag bit,
as that won't continue to work if more flag bits, or other bitfields,
are added. Instead, mask with BASE_DISPLAY_E_MASK.
Note that the base_display_e value and BASE_RANGE_STRING flag are only
for integral field types, and clarify what BASE_DISPLAY_E_MASK is.
Give at least one of the reasons why hiding protocol fields is not
considered a good idea.
svn path=/trunk/; revision=31249
Also make use of TRY_TO_FAKE_THIS_ITEM in proto_tree_add_text_node(), proto_tree_add_none_format() and proto_tree_add_protocol_format().
svn path=/trunk/; revision=29380
This patch optimizes proto_tree_prime_hfid() + friends and
plugs a memleak in the process.
From me:
Removed unused hfindex in proto_tree_new_item()
Fixed ref_count entry in struct header_field_info.
svn path=/trunk/; revision=29137
Currently, if you call proto_tree_free on anything other than the root node of a tree
the tree will get left in an inconsistent state. This is because the parent is left pointing
to the newly freed child.
The traversal code is updated, the parent node update is currently disabled since
freeing is done for the complete tree only at this time, so there is no need to keep
the parent node consistent.
svn path=/trunk/; revision=26466
This patch implements a function for dissecting bitfields with better control
over the resulting representation than the existing proto_tree_add_bitmask()
routine. This function will be used by reworked IPMI/ATCA dissector (bug 2048).
The function is described in README.developer. In short, the differences are as
follows:
- The new function does not require a hf_XXX field for the whole bitmask. When
the bitmask includes several unrelated fields, such hf_XXX field does not make
sense.
- The new function allows better control over the way the sub-item descriptions
are added to the top-level item. For example, proto_tree_add_bitmask() function
does not add non-enumerated integers, does not use true_false_string to display
boolean.
- The new function allows to specify "fallback" text for the top-level item
which is used if no items were added to the top-level item.
svn path=/trunk/; revision=25920
proto.[hc]
define new APIs to allow delayed registration of protocol fields,
so that dissectors with "flexible" fields like xml, radius, diameter,
snmp do not have to load their files at startup but can do so as late as possible.
gtk/dfilter_expr_dlg.c :
have the expression dialog registering all prefixes so that all fileds appear in the dialog
tshark.c
register all prefixes when called with -G
epan/radius_dict.l
epan/dissectors/packet-radius.c
epan/dissectors/packet-radius.h
refactor registration to delay dictionary loading as long as possible
svn path=/trunk/; revision=24762
configure and use more than one set of preferences and configuration files.
This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A. It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.
The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables
The recent data are by design not added to the profile.
Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile
This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.
svn path=/trunk/; revision=24089
Shuffle the expert severities down, and note that we have only 8 bits
available for FI_ flags unless you shrink the set of event groups and
shuffle them and the expert severities up.
svn path=/trunk/; revision=23731
Move the expert information bits to the top of that field, to avoid
collisions (we had a collision with the 0x00000004 bit).
svn path=/trunk/; revision=23726
packets in the Packet Details View.
This "appendix" bytes are not copied with the Copy functions or in the
Export Selected Packet Bytes.
svn path=/trunk/; revision=22887
The splash screen shows a progress bar and a percentage complete - like the progress dialog.
As dissectors are initialised and handed off the name is shown. However, the names of plugin dissectors are not shown.
The update to the make-dissector-reg shell script has been tested, though I think generally the python version is used.
svn path=/trunk/; revision=21716
proto_tree_add_bits_ret_val()
tvb_get_bits()
And modify
proto_tree_add_bits() not to return a value.
little endian is not yet implemented.
svn path=/trunk/; revision=21607
starting at the bit offset given for the number of bits indicated which wll also return
the value of the bits.
Experimental and for review, documentation to be updated.
svn path=/trunk/; revision=21556
copy paste hit again, here is a patch with the accurate declaration of
RVALS in proto.h
Thx gcc-4.1.2 for finding new ways of generating strict aliasing warnings :)
patch with accurate comment and declaration.
svn path=/trunk/; revision=21157
Here is an updated patch for proto_tree_add_item and the
range_string structure. The new macro RVALS() can be used as the macro
VALS() in the declaration of your hf_register_info with another
structure (range_string). Be aware that you *have to* ORed the value of
the field display with BASE_RANGE_STRING constant and it can 'only' be
used with FT_(U)INT* types in a header_field_info.
svn path=/trunk/; revision=20805
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
proto_can_match_selected() routines, to more clearly separate the two
functions - but have them both call the same underlying routine, so
they both make the same decisions as to whether a match-selected string
can be constructed or not.
svn path=/trunk/; revision=19976
proto_construct_match_selected_string() to indicate what it does - and
have it return a Boolean indication of whether the string could be
built, returning the string through a pointer, and, if that pointer is
null, have it just return the Boolean and not construct the string.
Get rid of proto_can_match_selected() -
proto_construct_match_selected_string() can be used for that, which
means we have only one piece of code that knows whether a "match
selected" string can be constructed or not.
Have proto_construct_match_selected_string() support matching
zero-length FT_NONE (and FT_PCRE, but that shouldn't happen) fields even
if there's no epan_dissect_t, as such a match just checks whether the
field is present.
svn path=/trunk/; revision=19967
This is used to display the field underlined and to allow the user to double-click on it (like FT_FRAMENUM) to open the URL in the configured browser.
Example usage in the x509ce and logotype certificate extensions.
svn path=/trunk/; revision=19383
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
- register H.225.0 over TLS (configurable port 1300)
- register SIP over TLS (fixed port 5061)
- new function proto_tree_get_root()
svn path=/trunk/; revision=19059
Modification to (proto.h) is made to add an additional expert group type of PI_REQUEST_CODE to allow Request tag information to be passed to the expert tap. This is for such reasons where a dissector would like to echo specific information about certain types of requests. For example: NCP connection request is really a request not a REPLY_CODE. Same is true for the TCP SYN request.
Changes to packet-ncp.c
1. Server broadcast message flag. Now indicates if the message is a pending message or an oplock clear notification.
2. Cleanup of packet signature detection process. Previous method had some flaws so I redesigned it. Appears to be solid now.
3. Echo NCP Server Session information to expert tap.
Note on item #3: NCP Connection+Task = NCP Session, a Single connection can have many tasks. The server sees each connection/task as a unique session. For this reason the NCP session information is now echoed to the expert composite statistics so that you can easily identify the different NCP processes and sessions. It is important to NCP analysis to understand that each session is most likely a different program on the requesting host sharing the same NCP connection.
Changes to packet-ncp2222.inc
1. Comment out the echo of NCP connection info to expert tap. Replaced by NCP sessions.
2. Add displayEID in request decode (resolves Coverity defect for dead code in NCP dissector)
Changes to ncp2222.py
1. Fix for endian display of bindery object type in NCP 0x1720.
2. Fix for size of bindery object type to 2 bytes instead of 4 to match other bindery NCP's.
svn path=/trunk/; revision=17636
"proto_tree_add_XXX_format()" routines except that the format doesn't
have to include the field name - the field name, followed by ": ", are
put into the representation string, followed by the result of the
formatting, so you just format the value with the format string, not the
entire representation.
svn path=/trunk/; revision=17221
and not free the string to which it points. Pass to
REPORT_DISSECTOR_BUG() strings allocated with ep_strdup_printf(), so
that they're freed automatically.
svn path=/trunk/; revision=16039
"abort()" if the ETHEREAL_ABORT_ON_DISSECTOR_BUG environment variable is
set; this is for debugging purposes, to make it easier to get a stack
trace of the offending call.
svn path=/trunk/; revision=16013
column-utils.h, and add it to expert.h, so we check the arguments to
"expert_add_info_format()", at least if the format argument is a
constant string.
Fix some more calls to "expert_add_info_format()" to pass it a format
string.
Don't record BoundsError exceptions as expert events - they merely
reflect a capture done with a snapshot length too short to capture all
of the packet (any case where it's caused by something else is a bug).
svn path=/trunk/; revision=15776
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and it's current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
Add some more optional flags to the protocol items, so more "special cases" can be marked in the protocol tree.
New flags:
/** The protocol field has a bad checksum */
FI_CHECKSUM_ERROR
/** The protocol field has an unusual sequence (e.g. TCP window is zero) */
FI_SEQUENCE_WARNING
/** The protocol field has a bad sequence (e.g. TCP segment is lost) */
FI_SEQUENCE_ERROR
svn path=/trunk/; revision=15499
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
by iDEFENSE. Add constant format strings to proto_item_append_text()
in a bunch of other dissectors. Copy a comment from proto.c to proto.h.
svn path=/trunk/; revision=14713
It should not dump core as far as all my tests are concerned and Menu_Statistics/ProtocolHierStats work
It needs more testing and there might still be cases where it will crash that will need to be fixed but I feel it will be worth it since it will decrease the time to filter very large capture files dramatically.
Real significant performance boost for very large captures.
(If we cant fix all the problems we can just revert this patch)
svn path=/trunk/; revision=14051
optimization for COLUMNS to make ethereal faster when filtering
optimization to make the slow find_protocol_by_id() fast.
(idea from Didier, implementation modified by me to be less intrusive)
svn path=/trunk/; revision=14026
Add a DISSECTOR_ASSERT() macro, which is the usual type of assertion
macro, but throws a DissectorError exception with a message giving the
flien and line number and the failed test as a string. Use that macro
in "alloc_field_info()".
Report that exception in the Info column and the protocol tree, as well
as logging the exception failure with g_warning().
svn path=/trunk/; revision=13078
records by tw fields: base (for integers), and blurb
Add a "-G values" option which shows value strings and true_false strings for
the fields that have them.
svn path=/trunk/; revision=11954
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
Fix the PROTO_ITEM_IS_XXX and PROTO_ITEM_SET_XXX macros by replacing
the if(x) with trigraphs so the macros can still be used in subsequent
conditional tests.
svn path=/trunk/; revision=10758
support them.
From Ronnie Sahlberg: Kerberos updates with new constants from the
current draft, decryption and dissection of Kerberos blobs, and changes
to work with the changed BER dissector.
svn path=/trunk/; revision=10479
to tethereal. It could be added to Ethereal, but the GUI changes to
allow the user to select PDML as a print format have not been added.
Provide a python module (EtherealXML.py) to help parse PDML.
Provide a sample app (msnchat) which uses tethereal and EtherealXML.py
to reconstruct MSN Chat sessions from packet capture files. It produces
a nice HTML report of the chat sessions.
Document tethereal's PDML and EtherealXML.py usage in doc/README.xml-output
Update tethereal's manpage to reflect the new [-T pdml|ps|text] option
svn path=/trunk/; revision=9180
pointers to the first *and* last child, in the "proto_node" structure
itself. That saves us one level of indirection and memory allocation,
and lets us append to a tree by appending to the last child directly,
rather than having to scan through the list of siblings of the first
child to find the end of that list.
svn path=/trunk/; revision=9171
when adding them to the free list, cast the pointer to the structure to
a pointer to a "freed_item_t" which contains the "next" pointer.
This reduces the memory requirement for some of those structures, and
leaves us free to slab-allocate structures that have a "next" pointer
for other reasons.
svn path=/trunk/; revision=9150
structure, rather than separately allocating "fvalue_t"s and having the
"field_info" structure point to them - this appears to speed up protocol
tree construction a bit.
svn path=/trunk/; revision=9146
create generic macros for allocating/freeing structures.
remove one more slow GMemChunk and replace it with a simple linked list
~4% speed improvement in my tests.
the allocated data is never freed. this may be a problem if ethereal is
ever supported on a platform lacking resource tracking but makes the
implementation faster and simpler.
svn path=/trunk/; revision=9095
Removed the GMemChunk used to allocate/free field_info structures
and used a free list to store the freed structs until they are allocated again.
Ethereal will allocate more field_info structs as it needs to but never free them. Instead the are just placed in a cheap and fast free list so that if we
want to use the struct again, this will be fast.
This affects the speed of the two functions
alloc_field_info() that should be slightly faster now
free_field_info() that was replaced with a 2 line macro.
All in all my testing suggests that ethereal is 2-3% faster with this patch.
svn path=/trunk/; revision=9073
In the GPROF logs proto_registrar_get_nth() used to take anything between 2.5 and 5.5% of the time.
Replace the GLIB array with a handroleld one for one of the private structures.
the function should now be virtually zero cost
and thus ethereal should be 2.5-5.5% faster on those traces.
anyone that wants to, please rerun GPROF with this fix and see what has changed.
svn path=/trunk/; revision=9058
Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()"
take a "protocol_t *" as an argument, so they don't have to look up the
"protocol_t" - this will probably speed them up considerably, and
they're called on almost every dissector handoff.
Get rid of a number of "proto_is_protocol_enabled()" calls that aren't
necessary (dissectors called through handles, including those called
through dissector tables, or called as heuristic dissectors, aren't even
called if their protocol isn't enabled).
Change some direct dissector calls to go through handles.
svn path=/trunk/; revision=8979
any previously-allocated version first, so that they don't leak memory.
From Olivier Biot: add a "proto_item_append_string()" routine, to append
to the string value a protocol tree item has.
svn path=/trunk/; revision=8821
support for registering fields after all the protocol
registration routines are called (i.e., adding fields to the
named field tree as they're registered);
fix the GTK 2.x version of the field list dialog to show the
correct name.
svn path=/trunk/; revision=8248
"proto_construct_dfilter_string()", to more accurately reflect what it
does.
Give it, and "proto_can_match_selected()", an "epan_dissect_t *"
argument, which replaces the raw data pointer argument to
"proto_construct_dfilter_string()".
For fields that don't have a type we can directly filter on, we don't
support filtering on the field as raw data if:
the "epan_dissect_t *" argument is null;
the data source tvbuff for the field isn't the tvbuff for the
"epan_dissect_t" in question (i.e., it's in the result of a
reassembly, and "frame[N:M]" can't get at it).
Trim the length the raw data in the case of such a field to the length
of the tvbuff for the "epan_dissect_t" in question, so we don't go past
it. Fetch the raw data bytes to match from that tvbuff.
Have "proto_construct_dfilter_string()" return a null pointer if it
can't construct the filter string, and have "protocolinfo_packet()" in
the tap-protocolinfo tap ignore a field if
"proto_construct_dfilter_string()" can't construct a filter string for
it - and have it pass NULL as the "epan_dissect_t *", for now. If
somebody decides it makes sense to dump out a "frame[N:M] =" value for
non-registered fields, it can be changed to pass "edt".
svn path=/trunk/; revision=7635
given a tvbuff/offset pair referring to the byte past the end of the
item. Use it in one place in the SMB dissector (there are plenty of
other places where it could be used as well).
svn path=/trunk/; revision=7603
to be using it for stuff that should be hex, and for stuff that should
be Boolean. Use BASE_DEC if it should be decimal, BASE_HEX if it should
be hex, and make it Boolean if it should be Boolean.
svn path=/trunk/; revision=7053
pointer, and put "const" into the casts in "VALS()" and "TFS()" macros,
so we don't un-constify pointers to "value_string" arrays and
"true_false_string" structures.
Make some things "const" to keep the compiler happy with the previous
change.
svn path=/trunk/; revision=6684
floating-point numbers, and display all the significant digits for both
single-precision and double-precision floating-point numbers in the
protocol tree, not just what "%g" does (6 digits).
Put in comments explaining how the length of filter strings is computed,
and fix some of the computations.
svn path=/trunk/; revision=6081
equivalents for the epan/ directory but leave winsock2.h in inet_pton.c
and inet_ntop.c for now (can't estimate the consequences).
svn path=/trunk/; revision=5928
<packet32.h> includes <winsock2.h>; we include that rather than
<winsock.h>, to avoid errors due to conflicting declarations in
<winsock.h> and <winsock2.h>.
svn path=/trunk/; revision=5742
the argument is "fields", dump out a table of the fields, as we
currently do; if the argument is "protocols", dump out a table of the
protocols.
svn path=/trunk/; revision=5462
move the code from "dfilter_lookup_token()" into
"proto_registrar_get_byname()", and get rid of "dfilter_lookup_token()"
and have its callers call "proto_registrar_get_byname()" instead.
svn path=/trunk/; revision=5287
ETT_NONE entry.
Initialize the "tree_type" field of a "field_info" structure to -1,
meaning "this has not been given a subtree". Add checks before using
that field that it's in range. That way, you have to create a subtree
before putting protocol tree items under another item.
We allocate the "tree_is_expanded" array when we've registered all
dissectors; there's no need to allocate it while we're registering
dissectors and, in fact, doing so means we leak memory (the memory for
the version we allocated while registering dissectors).
svn path=/trunk/; revision=5068
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
typedef for "struct _value_string"; as such, the incomplete structure
declaration in "epan/proto.h" should declare "struct _value_string", not
"struct value_string", and casts and declarations in that header should
also use "struct _value_string", not "struct value_string".
svn path=/trunk/; revision=4699
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
the parent under which the field was registered.
This is the *unoptimized* version, to give developers something
to use while the optimized version is being created.
svn path=/trunk/; revision=4351
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
from being required by anyone other than packet-data.c.
It can now be accessed with call_dissector() with the name "data".
dissect_data is now also of dissect_t.
svn path=/trunk/; revision=4271
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
It makes no difference if they really are function declarations;
however, in plugins, when building on OSes that don't let
dynamically-loaded modules access functions in the main program (e.g.,
Windows), when compiling a plugin, <plugin_api.h> defines the names of
those functions as (*pointer_name), so they turn into declarations of
pointer variables pointing to the functions in question, and, on
platforms with a def/ref model in the linker, if a plugin has more than
one source file that gets linked into the plugin, the linker may get
upset at two definitions of the same variable.
svn path=/trunk/; revision=4114
"proto_item_set_text()" except that it appends the result of the
formatting to the item's current text, rather than replacing the item's
current text. Use it in the DNS dissector.
svn path=/trunk/; revision=3880
but, before you set the text, you throw an exception while putting stuff
under the subtree, you end up with an absolutely blank protocol tree
item, which is really gross. Instead of calling
"proto_tree_add_notext()", call "proto_tree_add_text()" with at least a
minimal label - yes, it does mean you do some work that will probably be
unnecessary, but, absent a scheme to arrange to do that work if it *is*
necessary (e.g., catching exceptions), the alternative is an ugly
protocol tree display.
svn path=/trunk/; revision=3879
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
allow the passing of register_all_protocols() and
register_all_protocol_handoffs() through epan_init() to proto_init().
This allows the removal of the compile time dependence of proto.c
on register.h. Modified dftest.c, tethereal.c, and gtk/main.c to
use the new style epan_init() and depend on register.h.
svn path=/trunk/; revision=3237
Tvbuffers changed to added the data source name,
GUI and printing code changed to support these changes
and display the multiple hex views.
svn path=/trunk/; revision=3165
routines need it.
When a user clicks on a hex digit or on the corresponding character
(the "text dump" portion) in the hex dump, find the field in the
proto_tree that the byte corresponds to, expand the GtkCTree so that
the field is viewable, select the field, and center it vertically.
LanAlyzer has this feature, and I've missed it in Ethereal.
svn path=/trunk/; revision=3096
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
be loaded and their initialization routines called in right after we
call the initialization routines for built-in dissectors, but don't call
their handoff registration routines yet, and then call the handoff
registration routines right after calling the handoff registration
routines for built-in dissectors.
Do all that in "proto_init()", rather than "epan_init()".
That way, we call all dissector registration routines together, and then
call all dissector handoff registration routines together; all the
registration routines are called before any handoff registration
routines, as is required, and, as "proto_init()" is called by
"epan_init()" before "dfilter_init()" is called, all filterable fields
have been registered before "dfilter_init()" is called, and no plugins
have to call "dfilter_init()" themselves to get their fields registered.
Remove pointers to "dfilter_init()" and "dfilter_cleanup()" from the
plugin address table, as plugins shouldn't be calling them any more, and
remove calls to them from plugins.
svn path=/trunk/; revision=2940
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
svn path=/trunk/; revision=2810
dissector call it through a handle, and make it static.
Give "dissect_data()" an "offset" argument, so dissectors can use it to
dissect part of the packet without having to cook up a new tvbuff.
Go back to using "dissect_data()" to dissect the data in an IPP request.
svn path=/trunk/; revision=2651
Jakub Zawadzki